Use case

Host level scan times from manual scan data

For host level scan times, all the values are in the Results section of IG QID 45038 labelled, Host Scan Time.

Below is a sample from a raw scan XML. Relevant text is in RESULT tag:

<SCANvalue="scan/1234567890.12345"> ...<IPvalue="192.168.1.1"name="you-supafly"> ...<INFOS> ...<CATvalue="Information gathering"> ...<INFOnumber="45038"severity="1"><TITLE>Host<![CDATA[ Scan Time]]></TITLE><LAST_UPDATE><![CDATA[2004-11-19T02:46:12Z]]></LAST_UPDATE><PCI_FLAG>0</PCI_FLAG><DIAGNOSIS><![CDATA[The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below.

<P>The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.]]></DIAGNOSIS><CONSEQUENCE><![CDATA[N/A]]></CONSEQUENCE><SOLUTION><![CDATA[N/A]]></SOLUTION><RESULT><![CDATA[Scan duration: 116 seconds

End time: Wed, Nov 13 2013, 08:44:36 GMT]]></RESULTS></DETECTION></DETECTION_LIST></HOST></HOST_LIST></RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT><!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2013, Qualys, Inc. //-->

An example Chrome POSTMAN collection is attached as "VM, host list detection.json.postman_collection". Please note, the truncation limit is set to 10 instead of 0 for demonstration purposes.

I know this is an old doc, but as far as I can tell from the API queries I made the scan end time is not possible to calculate based on the duration + scan start time. This is because the duration doesn't include the time that a scan was paused, I have a scan that ran over 3 days, and the duration was ~9 hours, so I'm not able to get the end date from the API. Is there anyway to do this that I'm missing?

Try to identify the host that is the culprit and troubleshoot, and open a case with support to get more details. Exclude the culprithost from your regular scans to get your scans completed quickly and scan theculprit host independently.